/*     */ package com.zimbra.qa.unittest;
/*     */ 
/*     */ import com.zimbra.common.account.Key.CacheEntryBy;
/*     */ import com.zimbra.common.service.ServiceException;
/*     */ import com.zimbra.common.util.CliUtil;
/*     */ import com.zimbra.common.util.ZimbraLog;
/*     */ import com.zimbra.cs.account.AccessManager;
/*     */ import com.zimbra.cs.account.AccessManager.ViaGrant;
/*     */ import com.zimbra.cs.account.Account;
/*     */ import com.zimbra.cs.account.AuthToken;
/*     */ import com.zimbra.cs.account.DistributionList;
/*     */ import com.zimbra.cs.account.Domain;
/*     */ import com.zimbra.cs.account.Entry;
/*     */ import com.zimbra.cs.account.GuestAccount;
/*     */ import com.zimbra.cs.account.NamedEntry;
/*     */ import com.zimbra.cs.account.Provisioning;
/*     */ import com.zimbra.cs.account.Provisioning.CacheEntry;
/*     */ import com.zimbra.cs.account.Zimlet;
/*     */ import com.zimbra.cs.account.accesscontrol.ACLAccessManager;
/*     */ import com.zimbra.cs.account.accesscontrol.ACLUtil;
/*     */ import com.zimbra.cs.account.accesscontrol.AdminRight;
/*     */ import com.zimbra.cs.account.accesscontrol.AllowedAttrs;
/*     */ import com.zimbra.cs.account.accesscontrol.AllowedAttrs.Result;
/*     */ import com.zimbra.cs.account.accesscontrol.CheckAttrRight;
/*     */ import com.zimbra.cs.account.accesscontrol.GranteeType;
/*     */ import com.zimbra.cs.account.accesscontrol.Right;
/*     */ import com.zimbra.cs.account.accesscontrol.RightBearer.Grantee;
/*     */ import com.zimbra.cs.account.accesscontrol.RightCommand;
/*     */ import com.zimbra.cs.account.accesscontrol.RightManager;
/*     */ import com.zimbra.cs.account.accesscontrol.RightModifier;
/*     */ import com.zimbra.cs.account.accesscontrol.Rights.User;
/*     */ import com.zimbra.cs.account.accesscontrol.TargetType;
/*     */ import com.zimbra.cs.account.accesscontrol.ZimbraACE;
/*     */ import com.zimbra.cs.service.AuthProvider;
/*     */ import com.zimbra.qa.unittest.prov.ldap.ACLTestUtil.KeyAuthToken;
/*     */ import com.zimbra.soap.admin.type.CacheEntryType;
/*     */ import com.zimbra.soap.admin.type.GranteeSelector.GranteeBy;
/*     */ import com.zimbra.soap.type.TargetBy;
/*     */ import java.io.PrintStream;
/*     */ import java.util.HashMap;
/*     */ import java.util.HashSet;
/*     */ import java.util.List;
/*     */ import java.util.Map;
/*     */ import java.util.Set;
/*     */ import junit.framework.Assert;
/*     */ import junit.framework.AssertionFailedError;
/*     */ import junit.framework.TestCase;
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ public abstract class TestACL
/*     */   extends TestCase
/*     */ {
/*  67 */   protected static boolean CHECK_LIMIT = false;
/*     */   
/*  69 */   protected static final AccessManager mAM = AccessManager.getInstance();
/*  70 */   protected static final Provisioning mProv = Provisioning.getInstance();
/*  71 */   protected static final String TEST_ID = TestProvisioningUtil.genTestId();
/*  72 */   protected static final String DOMAIN_NAME = TestProvisioningUtil.baseDomainName("test-ACL", TEST_ID);
/*     */   
/*     */   protected static final String PASSWORD = "test123";
/*     */   
/*  76 */   protected static final Right USER_RIGHT = Rights.User.R_viewFreeBusy;
/*     */   
/*     */   protected static Right ADMIN_RIGHT_ACCOUNT;
/*     */   
/*     */   protected static Right ADMIN_RIGHT_CALENDAR_RESOURCE;
/*     */   
/*     */   protected static Right ADMIN_RIGHT_CONFIG;
/*     */   protected static Right ADMIN_RIGHT_COS;
/*     */   protected static Right ADMIN_RIGHT_DISTRIBUTION_LIST;
/*     */   protected static Right ADMIN_RIGHT_DOMAIN;
/*     */   protected static Right ADMIN_RIGHT_GLOBALGRANT;
/*     */   protected static Right ADMIN_RIGHT_SERVER;
/*     */   protected static Right ADMIN_RIGHT_ZIMLET;
/*     */   protected static Account mSysAdminAcct;
/*     */   
/*     */   static
/*     */   {
/*  93 */     System.out.println();
/*  94 */     System.out.println("AccessManager: " + mAM.getClass().getName());
/*  95 */     System.out.println();
/*     */     
/*     */     try
/*     */     {
/*  99 */       Domain domain = mProv.createDomain(DOMAIN_NAME, new HashMap());
/*     */       
/*     */ 
/* 102 */       Map<String, Object> attrs = new HashMap();
/* 103 */       attrs.put("zimbraIsAdminAccount", "TRUE");
/* 104 */       String sysAdminEmail = getEmailAddr("sysadmin");
/* 105 */       mSysAdminAcct = mProv.createAccount(sysAdminEmail, "test123", attrs);
/*     */       
/*     */ 
/* 108 */       ADMIN_RIGHT_ACCOUNT = getRight("test-preset-account");
/* 109 */       ADMIN_RIGHT_CALENDAR_RESOURCE = getRight("test-preset-calendarresource");
/* 110 */       ADMIN_RIGHT_CONFIG = getRight("test-preset-globalconfig");
/* 111 */       ADMIN_RIGHT_COS = getRight("test-preset-cos");
/* 112 */       ADMIN_RIGHT_DISTRIBUTION_LIST = getRight("test-preset-distributionlist");
/* 113 */       ADMIN_RIGHT_DOMAIN = getRight("test-preset-domain");
/* 114 */       ADMIN_RIGHT_GLOBALGRANT = getRight("test-preset-globalgrant");
/* 115 */       ADMIN_RIGHT_SERVER = getRight("test-preset-server");
/* 116 */       ADMIN_RIGHT_ZIMLET = getRight("test-preset-zimlet");
/*     */     }
/*     */     catch (ServiceException e) {
/* 119 */       e.printStackTrace();
/* 120 */       fail();
/*     */     }
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */   String getTestName()
/*     */   {
/* 128 */     String testName = getName();
/* 129 */     if (testName == null) {
/* 130 */       return "unknownTest";
/*     */     }
/* 132 */     return getName().substring(4);
/*     */   }
/*     */   
/*     */   static void logToConsole(String level) {
/* 136 */     ZimbraLog.toolSetupLog4j(level, "/Users/pshao/sandbox/conf/log4j.properties.phoebe");
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   protected static String getEmailAddr(String localPart)
/*     */   {
/* 149 */     return localPart + "@" + DOMAIN_NAME;
/*     */   }
/*     */   
/*     */   protected static String getEmailAddr(String testCaseName, String localPartSufix) {
/* 153 */     if (testCaseName == null) {
/* 154 */       return localPartSufix + "@" + DOMAIN_NAME;
/*     */     }
/* 156 */     return testCaseName + "-" + localPartSufix + "@" + DOMAIN_NAME;
/*     */   }
/*     */   
/*     */   protected static String getSubDomainName(String testCaseName) {
/* 160 */     return testCaseName + "." + DOMAIN_NAME;
/*     */   }
/*     */   
/*     */   protected Account guestAccount(String email, String password) {
/* 164 */     return new GuestAccount(email, password);
/*     */   }
/*     */   
/*     */   protected Account keyAccount(String name, String accesKey) {
/* 168 */     AuthToken authToken = new ACLTestUtil.KeyAuthToken(name, accesKey);
/* 169 */     return new GuestAccount(authToken);
/*     */   }
/*     */   
/*     */   protected Account anonAccount() {
/* 173 */     return GuestAccount.ANONYMOUS_ACCT;
/*     */   }
/*     */   
/*     */   protected Account createAccount(String email) throws ServiceException {
/* 177 */     return mProv.createAccount(email, "test123", null);
/*     */   }
/*     */   
/*     */   protected DistributionList createGroup(String email) throws ServiceException {
/* 181 */     return mProv.createDistributionList(email, new HashMap());
/*     */   }
/*     */   
/*     */   protected Account createAdminAccount(String email) throws ServiceException {
/* 185 */     Map<String, Object> attrs = new HashMap();
/* 186 */     attrs.put("zimbraIsAdminAccount", "TRUE");
/* 187 */     return mProv.createAccount(email, "test123", attrs);
/*     */   }
/*     */   
/*     */   protected DistributionList createAdminGroup(String email) throws ServiceException {
/* 191 */     Map<String, Object> attrs = new HashMap();
/* 192 */     attrs.put("zimbraIsAdminGroup", "TRUE");
/* 193 */     return mProv.createDistributionList(email, attrs);
/*     */   }
/*     */   
/*     */   protected void flushAccountCache(Account acct) throws ServiceException {
/* 197 */     mProv.flushCache(CacheEntryType.account, new Provisioning.CacheEntry[] { new Provisioning.CacheEntry(Key.CacheEntryBy.id, acct.getId()) });
/*     */   }
/*     */   
/*     */   protected void makeAccountAdmin(Account acct) throws ServiceException {
/* 201 */     Map<String, Object> attrs = new HashMap();
/* 202 */     attrs.put("zimbraIsAdminAccount", "TRUE");
/* 203 */     mProv.modifyAttrs(acct, attrs);
/* 204 */     flushAccountCache(acct);
/*     */   }
/*     */   
/*     */   protected void makeGroupAdmin(DistributionList group) throws ServiceException {
/* 208 */     Map<String, Object> attrs = new HashMap();
/* 209 */     attrs.put("zimbraIsAdminGroup", "TRUE");
/* 210 */     mProv.modifyAttrs(group, attrs);
/* 211 */     mProv.flushCache(CacheEntryType.group, null);
/*     */   }
/*     */   
/*     */   protected void makeGroupNonAdmin(DistributionList group) throws ServiceException {
/* 215 */     Map<String, Object> attrs = new HashMap();
/* 216 */     attrs.put("zimbraIsAdminGroup", "FALSE");
/* 217 */     mProv.modifyAttrs(group, attrs);
/* 218 */     mProv.flushCache(CacheEntryType.group, null);
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */   protected Account getSystemAdminAccount(String email)
/*     */     throws ServiceException
/*     */   {
/* 226 */     return getSystemAdminAccount();
/*     */   }
/*     */   
/*     */   protected Account getSystemAdminAccount() throws ServiceException {
/* 230 */     return mSysAdminAcct;
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   protected static enum AllowOrDeny
/*     */   {
/* 239 */     ALLOW(true, false), 
/* 240 */     DELEGABLE(true, true), 
/* 241 */     DENY(false, false);
/*     */     
/*     */     boolean mAllow;
/*     */     boolean mDelegable;
/*     */     
/*     */     private AllowOrDeny(boolean allow, boolean delegable) {
/* 247 */       this.mAllow = allow;
/* 248 */       this.mDelegable = delegable;
/*     */     }
/*     */     
/*     */     boolean deny() {
/* 252 */       return !this.mAllow;
/*     */     }
/*     */     
/*     */     boolean allow() {
/* 256 */       return this.mAllow;
/*     */     }
/*     */     
/*     */     boolean delegable() {
/* 260 */       return this.mDelegable;
/*     */     }
/*     */     
/*     */     RightModifier toRightModifier() {
/* 264 */       if (deny())
/* 265 */         return RightModifier.RM_DENY;
/* 266 */       if (delegable()) {
/* 267 */         return RightModifier.RM_CAN_DELEGATE;
/*     */       }
/* 269 */       return null;
/*     */     }
/*     */   }
/*     */   
/*     */ 
/* 274 */   protected static final AllowOrDeny ALLOW = AllowOrDeny.ALLOW;
/* 275 */   protected static final AllowOrDeny DELEGABLE = AllowOrDeny.DELEGABLE;
/* 276 */   protected static final AllowOrDeny DENY = AllowOrDeny.DENY;
/*     */   
/*     */   protected static enum AsAdmin {
/* 279 */     AS_ADMIN(true), 
/* 280 */     AS_USER(false);
/*     */     
/*     */     boolean mAsAdmin;
/*     */     
/*     */     private AsAdmin(boolean asAdmin) {
/* 285 */       this.mAsAdmin = asAdmin;
/*     */     }
/*     */     
/*     */     boolean yes() {
/* 289 */       return this.mAsAdmin;
/*     */     }
/*     */   }
/*     */   
/* 293 */   protected static final AsAdmin AS_ADMIN = AsAdmin.AS_ADMIN;
/* 294 */   protected static final AsAdmin AS_USER = AsAdmin.AS_USER;
/*     */   
/*     */   protected static enum LimitOrNoLimit
/*     */   {
/* 298 */     LIMIT(true), 
/* 299 */     NOLIMIT(false), 
/* 300 */     NULLLIMIT(false);
/*     */     
/*     */     boolean mLimit;
/*     */     
/*     */     private LimitOrNoLimit(boolean limit) {
/* 305 */       this.mLimit = limit;
/*     */     }
/*     */     
/*     */     boolean limit()
/*     */     {
/* 310 */       if (!TestACL.CHECK_LIMIT) {
/* 311 */         return false;
/*     */       }
/*     */       
/* 314 */       if (this == NULLLIMIT) {
/* 315 */         Assert.fail();
/*     */       }
/* 317 */       return this.mLimit;
/*     */     } }
/*     */   
/* 320 */   protected static final LimitOrNoLimit LIMIT = LimitOrNoLimit.LIMIT;
/* 321 */   protected static final LimitOrNoLimit NOLIMIT = LimitOrNoLimit.NOLIMIT;
/* 322 */   protected static final LimitOrNoLimit NULLLIMIT = LimitOrNoLimit.NULLLIMIT;
/*     */   
/*     */   protected static enum GetOrSet {
/* 325 */     GET(true), 
/* 326 */     SET(false);
/*     */     
/*     */     boolean mGet;
/*     */     
/*     */     private GetOrSet(boolean get) {
/* 331 */       this.mGet = get;
/*     */     }
/*     */     
/*     */ 
/* 335 */     boolean isGet() { return this.mGet; }
/*     */   }
/*     */   
/* 338 */   protected static final GetOrSet GET = GetOrSet.GET;
/* 339 */   protected static final GetOrSet SET = GetOrSet.SET;
/*     */   static final boolean POSITIVE = false;
/*     */   static final boolean NEGATIVE = true;
/*     */   
/* 343 */   protected ZimbraACE newPubACE(Right right, AllowOrDeny allowDeny) throws ServiceException { return new ZimbraACE("99999999-9999-9999-9999-999999999999", GranteeType.GT_PUBLIC, right, allowDeny.toRightModifier(), null); }
/*     */   
/*     */   protected ZimbraACE newAllACE(Right right, AllowOrDeny allowDeny)
/*     */     throws ServiceException
/*     */   {
/* 348 */     return new ZimbraACE("00000000-0000-0000-0000-000000000000", GranteeType.GT_AUTHUSER, right, allowDeny.toRightModifier(), null);
/*     */   }
/*     */   
/*     */   protected ZimbraACE newUsrACE(Account acct, Right right, AllowOrDeny allowDeny) throws ServiceException
/*     */   {
/* 353 */     return new ZimbraACE(acct.getId(), GranteeType.GT_USER, right, allowDeny.toRightModifier(), null);
/*     */   }
/*     */   
/*     */   protected ZimbraACE newGrpACE(DistributionList dl, Right right, AllowOrDeny allowDeny) throws ServiceException
/*     */   {
/* 358 */     return new ZimbraACE(dl.getId(), GranteeType.GT_GROUP, right, allowDeny.toRightModifier(), null);
/*     */   }
/*     */   
/*     */   protected ZimbraACE newKeyACE(String nameOrEmail, String accessKey, Right right, AllowOrDeny allowDeny) throws ServiceException
/*     */   {
/* 363 */     return new ZimbraACE(nameOrEmail, GranteeType.GT_KEY, right, allowDeny.toRightModifier(), accessKey);
/*     */   }
/*     */   
/*     */   Set<ZimbraACE> makeUsrGrant(Account grantee, Right right, AllowOrDeny alloworDeny) throws ServiceException {
/* 367 */     Set<ZimbraACE> aces = new HashSet();
/* 368 */     aces.add(newUsrACE(grantee, right, alloworDeny));
/* 369 */     return aces;
/*     */   }
/*     */   
/*     */   Set<ZimbraACE> makeGrpGrant(DistributionList grantee, Right right, AllowOrDeny alloworDeny) throws ServiceException {
/* 373 */     Set<ZimbraACE> aces = new HashSet();
/* 374 */     aces.add(newGrpACE(grantee, right, alloworDeny));
/* 375 */     return aces;
/*     */   }
/*     */   
/*     */ 
/*     */   static class TestViaGrant
/*     */     extends AccessManager.ViaGrant
/*     */   {
/*     */     String mTargetType;
/*     */     
/*     */     String mTargetName;
/*     */     
/*     */     String mGranteeType;
/*     */     
/*     */     String mGranteeName;
/*     */     
/*     */     String mRight;
/*     */     
/*     */     boolean mIsNegativeGrant;
/*     */     
/*     */     Set<TestViaGrant> mCanAlsoVia;
/*     */     
/*     */ 
/*     */     TestViaGrant(TargetType targetType, Entry target, GranteeType granteeType, String granteeName, Right right, boolean isNegativeGrant)
/*     */     {
/* 399 */       this.mTargetType = targetType.getCode();
/* 400 */       this.mTargetName = target.getLabel();
/* 401 */       this.mGranteeType = granteeType.getCode();
/* 402 */       this.mGranteeName = granteeName;
/* 403 */       this.mRight = right.getName();
/* 404 */       this.mIsNegativeGrant = isNegativeGrant;
/*     */     }
/*     */     
/*     */     public String getTargetType()
/*     */     {
/* 409 */       return this.mTargetType;
/*     */     }
/*     */     
/*     */     public String getTargetName()
/*     */     {
/* 414 */       return this.mTargetName;
/*     */     }
/*     */     
/*     */     public String getGranteeType()
/*     */     {
/* 419 */       return this.mGranteeType;
/*     */     }
/*     */     
/*     */     public String getGranteeName()
/*     */     {
/* 424 */       return this.mGranteeName;
/*     */     }
/*     */     
/*     */     public String getRight()
/*     */     {
/* 429 */       return this.mRight;
/*     */     }
/*     */     
/*     */     public boolean isNegativeGrant()
/*     */     {
/* 434 */       return this.mIsNegativeGrant;
/*     */     }
/*     */     
/*     */     public void addCanAlsoVia(TestViaGrant canAlsoVia) {
/* 438 */       if (this.mCanAlsoVia == null)
/* 439 */         this.mCanAlsoVia = new HashSet();
/* 440 */       this.mCanAlsoVia.add(canAlsoVia);
/*     */     }
/*     */     
/*     */     public void verify(AccessManager.ViaGrant actual) {
/*     */       try {
/* 445 */         Assert.assertEquals(getTargetType(), actual.getTargetType());
/* 446 */         Assert.assertEquals(getTargetName(), actual.getTargetName());
/* 447 */         Assert.assertEquals(getGranteeType(), actual.getGranteeType());
/* 448 */         Assert.assertEquals(getGranteeName(), actual.getGranteeName());
/* 449 */         Assert.assertEquals(getRight(), actual.getRight());
/* 450 */         Assert.assertEquals(isNegativeGrant(), actual.isNegativeGrant());
/*     */       } catch (AssertionFailedError e) {
/* 452 */         if (this.mCanAlsoVia == null) {
/* 453 */           throw e;
/*     */         }
/*     */         
/* 456 */         for (TestViaGrant canAlsoVia : this.mCanAlsoVia) {
/*     */           try {
/* 458 */             canAlsoVia.verify(actual);
/*     */             
/* 460 */             return;
/*     */           }
/*     */           catch (AssertionFailedError eAlso) {}
/*     */         }
/*     */         
/*     */ 
/*     */ 
/* 467 */         throw e;
/*     */       }
/*     */     }
/*     */   }
/*     */   
/*     */   static class AuthUserViaGrant
/*     */     extends TestACL.TestViaGrant
/*     */   {
/*     */     AuthUserViaGrant(TargetType targetType, Entry target, Right right, boolean isNegativeGrant)
/*     */     {
/* 477 */       super(target, GranteeType.GT_AUTHUSER, null, right, isNegativeGrant);
/*     */     }
/*     */   }
/*     */   
/*     */   static class PubViaGrant
/*     */     extends TestACL.TestViaGrant
/*     */   {
/*     */     PubViaGrant(TargetType targetType, Entry target, Right right, boolean isNegativeGrant)
/*     */     {
/* 486 */       super(target, GranteeType.GT_PUBLIC, null, right, isNegativeGrant);
/*     */     }
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   protected void verify(Account grantee, Entry target, Right right, AllowOrDeny expected, AccessManager.ViaGrant expectedVia)
/*     */     throws Exception
/*     */   {
/* 501 */     verify(grantee, target, right, AS_USER, expected, expectedVia);
/*     */   }
/*     */   
/*     */   protected void verifyDefinedDefault(Account grantee, Entry target, Right right) throws Exception {
/* 505 */     if ((right == Rights.User.R_invite) || (right == Rights.User.R_viewFreeBusy)) {
/* 506 */       verify(grantee, target, right, AS_USER, ALLOW, null);
/*     */     } else {
/* 508 */       verify(grantee, target, right, AS_USER, DENY, null);
/*     */     }
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   void assertEquals(AccessManager.ViaGrant expected, AccessManager.ViaGrant actual)
/*     */   {
/* 539 */     if ((expected == null) && (actual == null)) {
/* 540 */       return;
/*     */     }
/* 542 */     if (!(AccessManager.getInstance() instanceof ACLAccessManager)) {
/* 543 */       return;
/*     */     }
/* 545 */     if ((expected instanceof TodoViaGrant)) {
/* 546 */       return;
/*     */     }
/* 548 */     ((TestViaGrant)expected).verify(actual);
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   protected void verify(Account grantee, Entry target, Right right, AsAdmin asAdmin, AllowOrDeny expected, AccessManager.ViaGrant expectedVia)
/*     */     throws Exception
/*     */   {
/* 558 */     AccessManager.ViaGrant via = expectedVia == null ? null : new AccessManager.ViaGrant();
/* 559 */     boolean result = mAM.canDo(grantee == null ? null : grantee, target, right, asAdmin.yes(), via);
/* 560 */     assertEquals(expected.allow(), result);
/* 561 */     assertEquals(expectedVia, via);
/*     */     
/*     */ 
/* 564 */     via = expectedVia == null ? null : new AccessManager.ViaGrant();
/* 565 */     result = mAM.canDo(grantee == null ? null : AuthProvider.getAuthToken(grantee), target, right, asAdmin.yes(), via);
/* 566 */     assertEquals(expected.allow(), result);
/* 567 */     assertEquals(expectedVia, via);
/*     */     
/*     */ 
/* 570 */     via = expectedVia == null ? null : new AccessManager.ViaGrant();
/* 571 */     result = mAM.canDo(grantee == null ? null : grantee.getName(), target, right, asAdmin.yes(), via);
/* 572 */     if (((grantee instanceof GuestAccount)) && (((GuestAccount)grantee).getAccessKey() != null))
/*     */     {
/*     */ 
/*     */ 
/*     */ 
/* 577 */       return;
/*     */     }
/* 579 */     assertEquals(expected.allow(), result);
/* 580 */     assertEquals(expectedVia, via);
/*     */   }
/*     */   
/*     */   void assertEquals(Set<String> expected, Set<String> actual) {
/* 584 */     assertEquals(expected.size(), actual.size());
/* 585 */     for (String s : expected)
/* 586 */       assertTrue(actual.contains(s));
/*     */   }
/*     */   
/*     */   void assertEquals(AllowedAttrs expected, AllowedAttrs actual) {
/* 590 */     assertEquals(expected.getResult(), actual.getResult());
/* 591 */     if (actual.getResult() == AllowedAttrs.Result.ALLOW_SOME) {
/* 592 */       assertEquals(expected.getAllowed(), actual.getAllowed());
/*     */     }
/*     */   }
/*     */   
/*     */   protected void verify(Account grantee, Entry target, GetOrSet getOrSet, AllowedAttrs expected)
/*     */   {
/*     */     try {
/* 599 */       AllowedAttrs allowedAttrs = getOrSet.isGet() ? CheckAttrRight.accessibleAttrs(new RightBearer.Grantee(grantee), target, AdminRight.PR_GET_ATTRS, false) : CheckAttrRight.accessibleAttrs(new RightBearer.Grantee(grantee), target, AdminRight.PR_SET_ATTRS, false);
/*     */       
/*     */ 
/*     */ 
/* 603 */       assertEquals(expected, allowedAttrs);
/*     */     } catch (ServiceException e) {
/* 605 */       fail();
/*     */     }
/*     */   }
/*     */   
/*     */   protected void verify(Account grantee, Entry target, Right right, Map<String, Object> attrs, AllowOrDeny expected) throws ServiceException {
/* 610 */     boolean actual = mAM.canPerform(grantee, target, right, false, attrs, true, null);
/* 611 */     assertEquals(expected.allow(), actual);
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   protected List<ZimbraACE> grantRight(TargetType targetType, Entry target, Set<ZimbraACE> aces)
/*     */     throws ServiceException
/*     */   {
/* 630 */     for (ZimbraACE ace : aces) {
/* 631 */       assertTrue(ace.getRight().isUserRight());
/*     */     }
/*     */     Entry targetEntry;
/*     */     Entry targetEntry;
/* 635 */     if ((target instanceof Zimlet))
/*     */     {
/* 637 */       String targetName = ((Zimlet)target).getName();
/* 638 */       targetEntry = TargetType.lookupTarget(mProv, targetType, TargetBy.name, targetName);
/*     */     } else {
/* 640 */       String targetId = (target instanceof NamedEntry) ? ((NamedEntry)target).getId() : null;
/* 641 */       targetEntry = TargetType.lookupTarget(mProv, targetType, TargetBy.id, targetId);
/*     */     }
/* 643 */     return ACLUtil.grantRight(mProv, targetEntry, aces);
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   protected void grantRight(Account authedAcct, TargetType targetType, NamedEntry target, GranteeType granteeType, NamedEntry grantee, Right right, AllowOrDeny grant)
/*     */     throws ServiceException
/*     */   {
/* 654 */     RightCommand.grantRight(mProv, authedAcct, targetType.getCode(), TargetBy.name, target == null ? null : target.getName(), granteeType.getCode(), GranteeSelector.GranteeBy.name, grantee.getName(), null, right.getName(), grant.toRightModifier());
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   protected void grantDelegableRight(Account authedAcct, TargetType targetType, NamedEntry target, GranteeType granteeType, NamedEntry grantee, Right right)
/*     */     throws ServiceException
/*     */   {
/* 665 */     RightCommand.grantRight(mProv, authedAcct, targetType.getCode(), TargetBy.name, target == null ? null : target.getName(), granteeType.getCode(), GranteeSelector.GranteeBy.name, grantee.getName(), null, right.getName(), RightModifier.RM_CAN_DELEGATE);
/*     */   }
/*     */   
/*     */ 
/*     */   protected List<ZimbraACE> revokeRight(TargetType targetType, Entry target, Set<ZimbraACE> aces)
/*     */     throws ServiceException
/*     */   {
/*     */     Entry targetEntry;
/*     */     
/*     */     Entry targetEntry;
/*     */     
/* 676 */     if ((target instanceof Zimlet))
/*     */     {
/* 678 */       String targetName = ((Zimlet)target).getName();
/* 679 */       targetEntry = TargetType.lookupTarget(mProv, targetType, TargetBy.name, targetName);
/*     */     } else {
/* 681 */       String targetId = (target instanceof NamedEntry) ? ((NamedEntry)target).getId() : null;
/* 682 */       targetEntry = TargetType.lookupTarget(mProv, targetType, TargetBy.id, targetId);
/*     */     }
/* 684 */     return ACLUtil.revokeRight(mProv, targetEntry, aces);
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */   protected void revokeRight(Account authedAcct, TargetType targetType, NamedEntry target, GranteeType granteeType, NamedEntry grantee, Right right, AllowOrDeny grant)
/*     */     throws ServiceException
/*     */   {
/* 692 */     RightCommand.revokeRight(mProv, authedAcct, targetType.getCode(), TargetBy.name, target == null ? null : target.getName(), granteeType.getCode(), GranteeSelector.GranteeBy.name, grantee.getName(), right.getName(), grant.toRightModifier());
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   protected void revokeDelegableRight(Account authedAcct, TargetType targetType, NamedEntry target, GranteeType granteeType, NamedEntry grantee, Right right)
/*     */     throws ServiceException
/*     */   {
/* 703 */     RightCommand.revokeRight(mProv, authedAcct, targetType.getCode(), TargetBy.name, target == null ? null : target.getName(), granteeType.getCode(), GranteeSelector.GranteeBy.name, grantee.getName(), right.getName(), RightModifier.RM_CAN_DELEGATE);
/*     */   }
/*     */   
/*     */ 
/*     */   static Right getRight(String right)
/*     */     throws ServiceException
/*     */   {
/* 710 */     return RightManager.getInstance().getRight(right);
/*     */   }
/*     */   
/*     */   static String inlineRightGet(TargetType targetType, String attrName) {
/* 714 */     return "get." + targetType.getCode() + "." + attrName;
/*     */   }
/*     */   
/*     */   static String inlineRightSet(TargetType targetType, String attrName) {
/* 718 */     return "set." + targetType.getCode() + "." + attrName;
/*     */   }
/*     */   
/*     */ 
/*     */   protected void cleanupGrants()
/*     */     throws ServiceException
/*     */   {
/* 725 */     Account sysAdmin = getSystemAdminAccount();
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   public static void main(String[] args)
/*     */     throws Exception
/*     */   {
/* 745 */     CliUtil.toolSetup("INFO");
/*     */     
/*     */ 
/* 748 */     if ((mAM instanceof ACLAccessManager)) {
/* 749 */       TestUtil.runTest(TestACLGrant.class);
/*     */     }
/*     */   }
/*     */   
/*     */   protected void verifyDefault(Account grantee, Entry target, Right right)
/*     */     throws Exception
/*     */   {}
/*     */   
/*     */   static class TodoViaGrant
/*     */     extends AccessManager.ViaGrant
/*     */   {}
/*     */ }


/* Location:              /home/mint/zimbrastore.jar!/com/zimbra/qa/unittest/TestACL.class
 * Java compiler version: 7 (51.0)
 * JD-Core Version:       0.7.1
 */